- name: setup the database
  hosts: db01.iad2.fedoraproject.org:db01.stg.iad2.fedoraproject.org
  gather_facts: no
  become: yes
  become_user: postgres
  vars_files:
  - /srv/web/infra/ansible/vars/global.yml
  - /srv/private/ansible/vars.yml
  - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
  - name: waiverdb DB user - prod
    postgresql_user:
      name: "waiverdb"
      password: "{{ prod_waiverdb_db_password }}"
    when: env != 'staging'
  - name: waiverdb DB user - staging
    postgresql_user:
      name: "waiverdb"
      password: "{{ stg_waiverdb_db_password }}"
    when: env == 'staging'
  - name: waiverdb database creation
    postgresql_db:
      name: "waiverdb"
      owner: "waiverdb"
      encoding: UTF-8


- name: make the app be real
  hosts: os_control[0]:os_control_stg[0]
  user: root
  gather_facts: False

  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - "/srv/private/ansible/vars.yml"
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  roles:
    - role: rabbit/user
      username: "waiverdb{{ env_suffix }}"
      sent_topics: ^org\.fedoraproject\.{{ env_short }}\.waiverdb\..*

    # The openshift/project role breaks if the project already exists:
    # https://pagure.io/fedora-infrastructure/issue/6404
    - role: openshift/project
      app: waiverdb
      description: waiverdb
      appowners:
        - ralph
        - mjia
        - dcallagh
        - gnaponie
        - cverna
        - pingou
        - lholecek
        - vmaljulin
      tags:
        - apply-appowners

    - role: openshift/object
      app: waiverdb
      template: secret.yml
      objectname: secret.yml

    - role: openshift/secret-file
      app: waiverdb
      secret_name: waiverdb-stg-secret
      key: client_secrets.json
      template: client_secrets.json

    - role: openshift/secret-file
      app: waiverdb
      secret_name: waiverdb-fedora-messaging-key
      key: waiverdb.key
      privatefile: "rabbitmq/{{env}}/pki/private/waiverdb{{env_suffix}}.key"

    - role: openshift/secret-file
      app: waiverdb
      secret_name: waiverdb-fedora-messaging-crt
      key: waiverdb.crt
      privatefile: "rabbitmq/{{env}}/pki/issued/waiverdb{{env_suffix}}.crt"

    - role: openshift/secret-file
      app: waiverdb
      secret_name: waiverdb-fedora-messaging-ca
      key: waiverdb.ca
      privatefile: "rabbitmq/{{env}}/pki/ca.crt"

    - role: openshift/object
      app: waiverdb
      template: imagestream.yml
      objectname: imagestream.yml

    - role: openshift/object
      app: waiverdb
      template: buildconfig.yml
      objectname: buildconfig.yml

    - role: openshift/object
      app: waiverdb
      template: configmap.yml
      objectname: configmap.yml

    - role: openshift/object
      app: waiverdb
      file: service.yml
      objectname: service.yml

    - role: openshift/route
      app: waiverdb
      routename: web-pretty
      host: "waiverdb{{ env_suffix }}.fedoraproject.org"
      serviceport: web
      servicename: waiverdb-web

    # TODO -- someday retire this old route in favor of the pretty one above.
    - role: openshift/object
      app: waiverdb
      file: route.yml
      objectname: route.yml

    - role: openshift/object
      app: waiverdb
      template: deploymentconfig.yml
      objectname: deploymentconfig.yml

    - role: openshift/rollout
      app: waiverdb
      dcname: waiverdb-web
